Manage the CyberArk License

The license that you will receive before you install the Vault server determines how many users, passwords, and files you can store in the Vault. In addition, it determines groups of user types and the different interfaces that each type can use.

By default, the Vault issues a warning one week before the license expires, and every day after that until the license expires. The Vault can also be configured to issue notifications when predetermined percentages of licensed users have been created.

Monitor the user license

The LicenseUsageAlertLevel parameter in DBParm.ini determines when notifications will be sent to predefined recipients with information about license usage

  1. In DBParm.ini, set the LicenseUsageAlertLevel parameter.

This parameter defines three thresholds for license usage percentage, which is determined by the number of users of each user type that are defined in the Vault. When the number of licensed users reaches the specified percentage thresholds, notifications are sent to predefined recipients.

When the first percentage threshold is reached, a notification is sent to recipients, and likewise when the second specified threshold is reached. When the third threshold is exceeded, a notification will be sent each time a new user is added.

The following example shows the default setting for the LicenseUsageAlertLevel parameter:

  
LicenseUsageAlertLevel=85,90,99

Using the above example, a notification will be issued when 85% of the maximum number of licensed users has been added to the Vault, and another notification will be sent when 90% of the maximum number of licensed users has been added. When 99% of the maximum number of licensed users has been added to the Vault, a notification will be sent each time another user is added.

Each time a notification is sent, a message will be written in the ITALog.

This notification is enabled by default immediately after installation. For more information about configuring notifications, refer to Email notifications.

Report License Usage

The License Capacity report contains information about the licensed user types and objects in the Vault. It enables users to see the maximum number of licenses for each user type or object, and the number of used licenses for each one.

Only user types and objects that are limited by the license are displayed in this report. Predefined Vault users and groups are not included in the license usage.

  1. In the PrivateArk Client, from the Tools menu, select Reports, and then License Capacity Report; the report is displayed.

Install a New License

If you receive a new license from your CyberArk representative after you have installed the Vault, you can install it without having to reinstall the Vault. This license can be installed either from the Vault machine or from a remote machine.

  1. In the PrivateArk Client, log onto the Vault using the Administrator user or other user that has access to the System Safe.

  2. From the System Safe, retrieve License.xml and save a backup copy.

  3. Store the new License.xml in the Root folder of the System Safe; the system automatically installs the new License.xml.

Standalone and Distributed Vaults

  1. Connect to the Primary or Standalone Vault.
  2. Log on to the Vault machine as the Administrator user.
  3. Copy the new license file (license.xml) to the Server\Conf folder (<Drive>:\Program Files (x86)\PrivateArk\Server\Conf).

  4. Restart the Vault application.

     

    One can also remotely restart the Vault Server Service with Cyber-Ark's PARClient's commands of "Stop Vault" and "Start Vault".
  5. Repeat these steps for each Satellite Vault in a Distributed Vaults environment.

DR Vaults

  1. Connect to the DR Vault.
  2. Log on to the Vault machine as the Administrator user.
  3. Copy the new license file (license.xml) to the Server\Conf folder (<Drive>:\Program Files (x86)\PrivateArk\Server\Conf).
 

There is no need to restart anything because the service by default is off.

Cluster Vaults

Primary site:

  1. Connect to the passive node in the Vault cluster
  2. Log on to the Vault machine as the Administrator user.
  3. Copy the new license file (license.xml) to the Server\Conf folder (<Drive>:\Program Files (x86)\PrivateArk\Server\Conf).
  4. Repeat these steps on the active node.
  5. Fail over using the CVM from the active node to the passive node.

DR site:

  1. Connect to the passive node in the Vault cluster
  2. Log on to the Vault machine as the Administrator user.
  3. Copy the new license file (license.xml) to the Server\Conf folder (<Drive>:\Program Files (x86)\PrivateArk\Server\Conf).
  4. Repeat these steps on the active node.
 

There is no need to fail over from the active node to the passive node because the service by default is off.

Standalone Vaults

  1. Log on to the Vault using a PrivateArk client with a user that has access to the System Safe.
  2. Replace the current license file in the System Safe with the new license.xml.

DR Vaults

Follow the instructions in Replace a license file.

Cluster Vaults

Follow the instructions in Replace a license file.

 

The one service that may need to be restarted is the "Privileged Session Manager" service, as it will not recognize a change to the number of concurrent sessions until this has been done.